I have just recieved this in my email: from spamis - i don't know there email address, but they claim that microsoft has bought a big spam company so that they can basically use it for selling more products from microsoft by allowing spam to get through... Aswell they removed a pop up blocker it says in one of the recent updates.

anyhow this is long, so sorry if it looks like "spam"

As Originally Reported by the NEW YORK TIMES 06/30/05:

BREAKING NEWS:

MICROSOFT PLANS TO BUY THE WORLD'S LARGEST SPYWARE COMPANY IN
AN ATTEMPT TO SPAM 40 MILLION+ COMPUTER USERS WITH MICROSOFT ADS

----- ---- --- -- - -

By Ray Everett-Church / eSecurityPLANET
July 18, 2005

Ray Everett-Church is a principal with PrivacyClue LLC, a
privacy consultancy. He is a founder of CAUCE, an anti-spam
advocacy group, and he is co-author of ''Internet Privacy for
Dummies.''

----- ---- --- -- - -

It's been a bad month for Microsoft's efforts to promote their
visions of trustworthiness and authentication in Internet
commerce.

Just as the ground began to crumble beneath Microsoft's "Sender
ID" email authentication proposal, it was discovered that the
Redmond, Wa.-based software giant was considering acquiring
Claria, one of the world's most notorious adware and spyware
companies.

Let's look first at the email authentication wars. As I've
discussed previously, the battle over email authentication has
been raging for several years. Among the many proposals being
considered by the email industry and Internet standards community
is Microsoft's Sender ID and its closely related cousin, the
"Sender Permitted From" or SPF standard.

Both SPF and Sender ID use text records entered into a domain's
DNS entry that define what IP addresses should be permitted to
send email for that domain. These definitions embedded in the
sender's DNS records are then queried and parsed by the receiving
server to determine whether to accept or reject a particular piece
of email.

As I reported back in October, Microsoft's Sender ID proposal
became the subject of much scorn when it was discovered that, at
the same time they were promoting Sender ID as a global standard,
they were trying to patent the technology surrounding Sender ID.

In the intervening months, numerous major service providers
participating in the Messaging Anti-Abuse Working Group, an
industry consortium that is promoting the development of new email
authentication standards, have continued to test Sender ID. Their
recently released findings are not good news for Microsoft.

According to the technical committee's white paper :

"At best, SPF and Sender ID are comparable to a license plate
issued by a foreign country: they show that the vehicle is
permitted to drive in that country, but make no indication as to
whether that country’s regulations are similar to yours – and we
can only assume that the driver inside is permitted to use that
vehicle."

But the committee went on to explain that along with these dubious
benefits, there were some significant downsides to implementing
Sender ID.

These include:

* Forwarded or re-sent mail will fail authentication without
changing email systems to re-write return addresses and add new
headers;

* Those sites publishing authentication records must ensure that
their records permit mail from all possible points of origination
or risk having legitimate email mislabeled as spam;

* This method of authentication does not provide protection against
forgery of the most common user-visible mail headers;

* Receivers must be aware that performing some checks in accordance
with Sender ID and SPF may yield inaccurate authentication
results due to misinterpretation of the Sender's authorization.,
and

* If your operation provides email services to roaming users, you
may need to forge or add certain headers in order to ensure
successful authentication.

As a result, several major service providers have removed their
Sender ID and SPF statements from their DNS records in order to
avoid potential confusion and lost email.

But just as the industry is backing away from Sender ID, Microsoft
rekindled fears of monopolistic bullying tactics by unilaterally
declaring that all email sent to MSN and Hotmail would be scanned
for Sender ID compliance. Resistance is futile. If your company's
email doesn't pass a patent-pending Sender ID check, it might be
labeled as spam and consigned to the dreaded Spam folder.

Just as the world was trying to digest what Microsoft was
attempting to shove down its collective throat, word leaked out
that Microsoft was in talks to buy Claria, formerly known as Gator
-- one of the world's most notorious peddlers of spyware and adware
-- which I will call malware hereafter for the sake of brevity.

According to several news reports, Microsoft has been eager to
compete in the online advertising markets dominated by companies
like Yahoo and Google. Experts suggest that buying Claria would
give Microsoft a jumpstart in the market because of Claria
advertising network consisting of more than 40 million souls who
receive Claria annoying pop-up ads.

As one commentator wrote, this move "underscores just how eager
Microsoft is to catch up with Google, the search and advertising
giant."

Eager? How about desperate?

In my opinion, picking up Claria for its advertising network is
like buying a former nuclear bomb testing site because the lack of
anything standing gives you such great views in all directions.
Just don't touch anything, ignore the three-headed rabbits
populating the poisoned ground, and you'll be fine.

There are plenty of other ad networks out there, most of which got
to be successful without engaging in deceptive, unfair, and
lawsuit-provoking activities.

Some might say Microsoft and Claria have been unwittingly working
together for a long time. Claria advertising reach is directly tied
to its years of distributing malware and long history of its paid
"affiliates" taking advantage of security holes in Microsoft’s
operating system to install the software surreptitiously and without
end-users permission.

In its defense, Claria claims to be migrating its business model to
one focused on more legitimate forms of business. But like the Gotti
family and their garbage hauling business, I have a feeling that it
is going to take them some time to stop living off their other gigs.

More recent reports suggest that an acquisition of Claria is never
going to happen because Claria reputation is too tarnished for even
Microsoft's tastes. But that didn't stop Microsoft from giving Claria
a pre-engagement gift just last week -- downgraded threat rating in
Microsoft's anti-spyware utility!

According to Eric Howes of SpywareWarrior.com:

"Several sources have now confirmed that Microsoft downgraded its
detections of Claria’s adware products in the latest update (#5731)
to Microsoft AntiSpyware released today. Where Microsoft AntiSpyware
used to detect Claria’s products and present users with a Recommended
Action of 'Quarantine, following today’s update Microsoft AntiSpyware
now presents users with a Recommended Action of 'Ignore[.] Users can
still change the action to “Quarantine” or “Remove.”

In the end, though, this is nothing new. As I've noted before , other
security software makers have gone soft on malware. Microsoft's is only
the most recent, and to my way of thinking, the most unprincipled and
morally corrupt.

So the next time you hear pronouncements from Microsoft about their
efforts to make your computing experiences safer and more secure, a
deeper look may suggest that Microsoft's effort to be part of the
solution includes taking a bigger stake in the problem.

END OF ARTICLE

This may show how using windows or internet explorer could ruin people's lives. I don't know what to say...[/b]

1. If Microsoft stuff their Hotmail and MSN customers by blocking half their email and letting the spam through, I for one will call, "Walk this way to freedom, you poor nerds!"

2. Buying into a popup ad specialist while your newly-rebuilt coding team are developing a popup blocker for your next web browser release sounds just silly enough to be true. The age of popups is dying, and IE 7 will see it dead.

3. I recall the day that Microsoft had to remove spyware from Windows (or was it Word?) because it had been a) discovered and b) declared illegal - and then they had to do it again because it somehow crept back into the next upgrade release. Here we go again ... maybe.

4. Have no fear - GNU/Linux is here! If all that email is true, and more, my heart will not bleed.

"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt, 4077 M*A*S*H

>>
As well they removed a pop up blocker it says in one of the recent updates
>>

I can't verify that, but it does point out the problem with auto updates/systems..

>>
Both SPF and Sender ID use text records entered into a domain's DNS entry that define what IP addresses should be permitted to send email for that domain
>>

Wouldn't a simple point of source address verification do it. I always figured that the problem there was that the providers would be conceding to a "duty of care" responsibility. That could open them up to legal attacks from firms that get lots of spam. Rather than any technical complexity.

>>
Microsoft's Sender ID proposal became the subject of much scorn when it was discovered that, at the same time they were promoting Sender ID as a global standard, they were trying to patent the technology surrounding Sender ID
>>

There's just nothing that mob wont try to pull off. It's just like letting the fox watch over the chicken shed (grin). And people will still try to see a good side to them too

>>
But the committee went on to explain that along with these dubious benefits, there were some significant downsides to implementing Sender ID.

These include:
>>

One could add to that ... As a global standard Microsoft recommends that all mail services in the world only use Microsoft approved software, specially designed to seamlessly implement the configuration of your mail service to facilitate SPF technology. Presently there is only one implementation of this important software available, provided by Microsoft for a nominal licensing fee. HA !

And as a patented technology, we at Microsoft will ensure that no other bugger is going to get in on the action either (grin).

>>
But just as the industry is backing away from Sender ID, Microsoft rekindled fears of monopolistic bullying tactics by unilaterally declaring that all email sent to MSN and Hotmail would be scanned for Sender ID compliance
>>

Yes, declarations like that are a typical MS bullying technique. Reminds me of a Netscape executives statement a number of years ago. He described Microsoft's yearly industry "get together talk", which they used to do (wouldn't know now), as the "hands off or else discussion". something to do with a talk they would give outlining their projected interests over the coming year.

>>
Eager? How about desperate
>>

As a company they exhibit definite solistical psychological traits, imo, when encounted in a destructive fashion, termable as psychopathic. MS destructive (dry_grin).

>>
There are plenty of other ad networks out there, most of which got to be successful without engaging in deceptive, unfair, and lawsuit-provoking activities
>>

Good point. The criminal type though, wont be able to help themselves for some strange reason. Likely the one mentioned above.

>>
So the next time you hear pronouncements from Microsoft about their efforts to make your computing experiences safer and more secure, a deeper look may suggest that Microsoft's effort to be part of the solution includes taking a bigger stake in the problem
>>

Yes, and the strategies outlined in the "Halloween" memo become clearer. It's about what they can get their customers to believe their about, thats the push. A person will only see two pebbles on a table, even though there are three ... if the education behind it was done right.

>>
This may show how using windows or internet explorer could ruin people's lives. I don't know what to say
>>

I'll say, it is so typical of that company. The Borg are just not to be trusted. And Bill isn't a philanthropist.

I've got personal proof of the MS IE4 installer scanning my disk for java kits when that came out. When MS were pushing their foundation classes and in court over alleged monopolistic activity. Pissed me off no end. so did all the deleted htmls that were still visible from Linuxes fat32 mount, but not in my OSR2.

guy
>>
The age of popups is dying, and IE 7 will see it dead.
>>

Unless they think they can rename it, some thing like "an important marketing news update", then it isn't a pop-up (grin).

bsaically though people still continue to use microsoft products without even having a look at linux, and when they get spam they will take microsoft's word saying they haven't done anything. It is happened many times, will we find out whether microsoft stole source code from macs?

comcamel wrote:bsaically though people still continue to use microsoft products without even having a look at linux, and when they get spam they will take microsoft's word saying they haven't done anything.

But when they find their friends' unverified emails get deliberately blocked, they will blame Microsoft. The phone companies learned this lesson before developing GSM, and the UK postal service (whatever it's called this week) just relearned it too. Not even M$ can buck the laws of human nature.

"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt, 4077 M*A*S*H